CVE-2023-27290

CRITICAL

IBM Instana - Info Disclosure

Title source: llm

Description

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737.

Exploits (1)

exploitdb WORKING POC

by Shahid Parvez (zippon) · pythonremotemultiple

https://www.exploit-db.com/exploits/51314

View Code ZIP pw:eip

References (3)

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/248737

[Vendor Advisory] https://www.ibm.com/support/pages/node/6959969

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/171770/IBM-Instana-243-0-Missing-Authentication.html

Scores

CVSS v3 9.1

EPSS 0.1649

EPSS Percentile 94.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-306

Status published

Products (2)

ibm/observability_with_instana 243-0

ibm/observability_with_instana 239-0 - 239-2

Published Mar 03, 2023

Tracked Since Feb 18, 2026